Dear Valued Clients:

We are writing to inform you of a security incident that may have resulted in limited access to your personal information.

What Happened?

On November 5, 2024, we discovered that an unauthorized third party illegally accessed one of our email accounts and sent out phishing emails through that account. We immediately engaged a team of security experts, including legal counsel, to secure our systems and conduct a full investigation into the cause and scope of the incident.

What Information was involved?  

The potentially impacted personal information varied by individual and may have included any of the following: full legal name, former/maiden name, date of birth, address, email address, phone number, property tax bill, rental equipment statements, copy of signature, marriage certificate, social insurance number, financial account number (including transit number), financial account type, line of credit information, bank account information, credit/debit card number, PIN or security code, mortgage information, pension information, pre-authorized payment form, tax bill, void cheque, wire instructions, passport information (including passport number), permanent resident card, and birth certificate.

We have no evidence that any of your information has been impacted; however, we have elected to notify you out of an abundance of caution so that you may take whatever steps you deem necessary to protect yourself.

Response and Steps Taken to Date to Protect You  

As soon as we learned of the incident, we immediately engaged a team of security experts to ensure our network and systems were fully secured. We took systems offline, reset all user accounts, and changed all passwords and credentials.

We have taken steps to prevent a similar event from occurring in the future, including implementing multi-factor authentication and conditional access policies. We also instituted anti-phishing training and regular password changes for all employees.

We are offering one year of complimentary credit monitoring to individuals whose financial information may have been impacted. Please contact us at clientsupport@kormans.ca, and we will advise whether this impacts you and provide you with details to sign up.

Additional Steps

We encourage you to be vigilant and mitigate any potential harm by taking the following steps to protect yourself:

Be vigilant for signs of identity fraud.

It is possible that unauthorized individuals could attempt to use your information for the purposes of attempted identity fraud. This means that they could try to use that Information to impersonate you to obtain a benefit or service.  Please remain vigilant for any potential signs of identity fraud such as suspicious activity on your bank accounts, unauthorized redirection of mail, unauthorized porting of your mobile phone, or receiving goods or services that you did not order.

Be wary of social engineering attempts.

It is possible that these unauthorized individuals may try to use the Information for other fraudulent purposes.  A fraudster may contact you in an attempt to trick you into providing more personal information or access credentials, or to divert payments to or from you. To protect yourself against social engineering:

  • be wary of anyone that contacts you and requests personal information or access credentials from you, even if they appear to know other details about you;
  • do not respond to email or text messages asking for personal information – few legitimate organizations will ask for personal information by email or text;
  • be on the lookout for spoofed email addresses - hover over the e-mail address to see and verify the exact e-mail address (rather than just the name used);
  • be careful of unsolicited telephone calls which purport to be from a government authority or business;
  • remain vigilant regarding any suspicious emails that ask you to open attachments or click on links - do not click on links unless you have confirmed they are legitimate;
  • be suspicious of any requests for changes made to payment instructions and confirm all such changes by phone call to known and trusted numbers; and,
  • if in doubt, send an independent e-mail (i.e., do not click “reply”) to the sender to confirm the contents of the original e-mail, or alternatively, call the sender to confirm they sent the e-mail.

We remain committed to protecting your privacy and keeping your information secure. We sincerely apologize for any inconvenience this may cause you. Should you have additional questions or concerns, please contact Sharon Edoo at clientsupport@kormans.ca.

Sincerely,

Sharon Edoo, Director of Firm
Kormans LLP

Frequently Asked Questions

Has the incident been resolved?

Yes. We have secured the affected email account.

Are Kormans’ systems safe to use?

Yes. We are confident that our systems are secure and safe for use.

What action do I need to take?

Please note that there is no evidence that your information has been accessed or misused. However, we always encourage you to be vigilant and mitigate any potential harm by taking steps to protect yourself. We suggest that you remain vigilant for signs of identity fraud and social engineering attempts.

What specific information of mine was affected?

If you would like further details about whether your information was impacted, please send us an email at clientsupport@kormans.ca, and someone from Kormans will contact you.

Has my personal information been misused?

We do not have any information that your personal information has been targeted, copied or misused as a result of this incident.

Does this mean I am a victim of identity theft or fraud?

No. Notification of this incident does not mean you are a victim of identity theft or fraud. We are providing notice of this incident out of an abundance of caution.  As a precaution, we encourage you to review the information provided about steps you can take to protect your information against identity theft and fraud, should you determine it is appropriate to do so.

What did you do when you discovered the incident?

As soon as we learned of the incident, we immediately engaged a team of security experts to ensure our network and systems were fully secured. We took systems offline, reset all user accounts, and changed all passwords and credentials. We have taken steps to prevent a similar event from occurring in the future, including implementing multi-factor authentication and conditional access policies. We instituted anti-phishing training and regular password changes for all employees.

Why are you notifying now rather than when you first found out about the incident?

Security and confidentiality are extremely important to us. Prior to notification, it was necessary to ensure that the incident had been contained and that there was no further risk of access. We also wanted to identify what information may have been accessed and identify the individuals who may have been affected.

We wanted to wait until our investigation was complete to ensure that our information related to the breach is comprehensive and accurate. The investigation process took time as we wanted to be sure that no issues were overlooked.

Why was I notified?

There is no evidence that your personal information was affected. However, your personal information may have been included in the email inbox which may have been accessed during the incident. As a precaution, we recommend that you take appropriate steps to safeguard yourself from any potential misuse of your personal information.

What else can I do? I am concerned about my personal information being misused.

There are some best practices you can consider to help reduce potential risk, such as:

  • Being vigilant for signs of identity fraud, such as suspicious activity on your bank accounts.
  • Requesting a copy of your credit report from one or both credit reporting agencies – TransUnion Canada and Equifax Canada.
  • Being careful when sharing your personal information unsolicited, whether by phone, email, or on a website.
  • Avoiding clicking on links or downloading attachments in suspicious emails.

How can I be sure this won't happen again?

As mentioned, we took immediate steps to contain and respond to the incident. This included retaining external security experts, taking systems offline, resetting all user accounts, and changing all passwords and credentials. We launched a full investigation into the cause and scope of the incident with support from external cybersecurity experts. Our investigation has concluded and we have implemented further security measures to ensure that this doesn’t happen again.

We have taken steps to prevent a similar event from occurring in the future, including implementing multi-factor authentication and conditional access policies. We instituted anti-phishing training and regular password changes for all employees.